The US Department of Justice filed a civil forfeiture complaint on June 5, 2025, targeting over $7.7 million in cryptocurrency, NFTs, and digital assets allegedly connected to a sophisticated North Korean money laundering operation.
The scheme involved deploying IT workers abroad under false identities to infiltrate US and foreign technology companies, with proceeds ultimately flowing to sanctioned North Korean entities including the Foreign Trade Bank and Ministry of Defense.
The complaint reveals a coordinated strategy by North Korea to embed IT workers within legitimate companies, particularly in blockchain and decentralized finance sectors.
These operatives, stationed primarily in China, Russia, and the United Arab Emirates, used falsified identities, stolen documents, and virtual private networks to conceal their North Korean origins from unsuspecting employers.
US companies unknowingly hired these workers for software development, smart contract engineering, and blockchain infrastructure roles.
The workers operated under aliases such as “Joshua Palmer,” “Bram Chen,” and “Alex Hong,” submitting fraudulent resumes and documentation.
Payments made in stablecoins like USDC and USDT were immediately transferred through complex laundering networks rather than retained by the workers.
Investigators identified multiple red flags, including login access from IP addresses in Russia and the UAE, Korean language settings on devices, and the reuse of hardware across multiple fake personas.
These patterns revealed centralized coordination rather than independent freelance work.
Key Players Orchestrated Financial Flows
Two central figures emerged as primary conduits for the laundered funds.
Sim Hyon Sop, a representative of North Korea’s sanctioned Foreign Trade Bank operating from Dubai, maintained a self-hosted wallet that received over $24 million in cryptocurrency between August 2021 and March 2023.
.pptx%20(21).png)
Kim Sang Man, CEO of Chinyong, an IT company subordinate to North Korea’s Ministry of Defense, managed accounts using forged Russian identity documents while operating from Vladivostok.
The laundering process involved fragmenting transfers through multiple self-custodied wallets, centralized exchanges, and alternative blockchain networks.
Funds were eventually converted to fiat currency through over-the-counter brokers. Investigators traced over 84 exchange accounts tied to the network, many established using false Know Your Customer documents.
Some wallets were voluntarily frozen by Tether following US law enforcement requests, while others were seized through federal warrants executed in 2022 and 2023.
The seized assets include various cryptocurrencies, high-value NFTs, and Ethereum Name Service domain names.
Broader Pattern of State-Sponsored Crypto Crime
This action represents part of a larger trend in North Korean cryptocurrency operations.
According to Report, North Korea has stolen approximately $5 billion in cryptocurrency over eight years, making it the most prolific nation-state crypto threat actor.
While traditional exchange hacks like the $1.5 billion Bybit exploit attributed to the Lazarus Group remain significant, the regime has increasingly shifted toward legitimate employment deception.
The DOJ is proceeding under federal wire fraud, money laundering, and International Emergency Economic Powers Act violations.
This enforcement action follows previous US government advisories warning the private sector about national security risks posed by fraudulent North Korean IT workers, reflecting growing recognition that such schemes provide material funding for prohibited weapons programs.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
